Consortium Partnership Project To Attack DDoS

Last December, a continuous distributed denial of service (DDoS) attack against Janet, a high-speed computer network used by numerous institutions in the United Kingdom, brought Web sites and other systems down and forced much of the academic community across that country offline for multiple days.

Now a consortium of colleges and universities in the United States will be working with a security company to help create a mechanism that enables multiple organizations to work together to defend against DDoS attacks. Members of the Northwest Academic Computing Consortium (NWACC) information security initiative will be working with Galois (pronounced “gal-wah”) to help define the strategy and try out the technology to be developed.

Galois in January received a $1.7 million contract by the Department of Homeland Security Science and Technology Directorate to create the technology. The project, DDoS Defense for a Community of Peers (3DCoP), involves the creation of a peer-to-peer collaboration mechanism through which organizations can work together to detect and mitigate DDoS attacks.

The partnership started, according to NWACC President Martin Ringle, when a Galois representative gave a presentation at a security workshop held by the organization. “This specific project that Galois had in mind intrigued the information security community in NWACC,” he said. “And the staff member at Galois was very impressed by the fact that you could collect so many IS security officers from higher education who were talking to each other and willing to work with each other.”

The collaboration comes at an opportune time, as the number of DDoS attacks continues to rise, according to a number of sources. As an example, Verisign, which sells a DDoS protection service, reported 53 percent more attacks in the third quarter of 2015 than in the second quarter among its customers and mitigated more attacks in Q3 2015 than any other quarter from the previous two years.

“When they occur, [these attacks] can be incredibly crippling to an institution,” said Ringle. One of the “biggest problems” with DDoS attacks, he explained, “is that it takes time to figure out what the nature of the attack is, what the targets are, how many different sites are being impacted by it, possibly what the route is it’s taking, where it’s originating and how to defend against it and remediate it.”

An institution that becomes a victim of DDoS spends all of its resources defending against the attack, “many of which may be crippled by the attack itself,” he added. “Having colleagues to work with means that you can do the analysis in real time across a number of sites… The chances that you’re going to be able to zero in on the attack vectors and remediate them quickly and effectively is much, much higher.”

NWACC, which counts numerous large institutions among its membership, including the universities of Washington, Oregon, Alaska and Hawaii, also has many other smaller members that are “simply not equipped — don’t have the staffing, don’t have the depth of expertise — to really defend against a concerted denial of service attack,” said Ringle. “So really, the only effective way to deal with this is by collaborating.”

Under the arrangement 10 members of NWACC’s information security group will provide conceptual feedback and perform beta testing. “But over time that could evolve into anything,” Ringle noted. “We’re sort of taking a wait-and-see approach. I don’t think anything is ruled out.”

Goals for the Galois contract with Homeland Security include the reduction of mitigation response time by 50 percent, resulting in peak traffic reduction of 75 to 90 percent; and the reduction of the time between the start of the attack and the detection of the attack by 25 percent. The company said that as a result of those reductions, organizations would be able to detect and block DDoS attacks before they reached “complete network saturation.”

The project is important, Ringle emphasized, because it will help “change the balance between the aggressors and the defenders.” “We are sitting ducks in a way. By banding together, by having these colleges and universities work with another and with Galois, it gives us a leg up. We can’t make the gap disappear entirely, but if we can close it so that we can react almost as fast as they can launch attacks, then that mitigates the damage that their attacks can do, and that makes us much more powerful in terms of defending our campuses and all the data that we manage.”